Revisiting the Lamberts, i-Soon indictments, VMware zero-days

Three Buddy Problem - A podcast by Security Conversations

Three Buddy Problem - Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play. Plus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Triangulation’ and the lack of recent visibility into these actors. We also discuss a fresh batch of VMware zero-days, China’s i-Soon ‘hackers-for-hire’ indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:

- Transcript (unedited, AI-generated)
- Kim Zetter: Did Trump admin order a stand-down on Russia?
- Unraveling the Lamberts Toolkit (Securelist)
- VB2019: King of the hill: nation-state counterintelligence for victim deconfliction
- VB2018: Draw me like one of your French APTs
- Symantec: Who is Longhorn?
- VMware: Three new zero-days exploited
- Broadcom patches 3 VMware zero-days exploited in the wild
- DOJ indictments: i-Soon hackers for hire and APT27
- Unmasking I-Soon
- Catalan court orders former NSO Group execs be indicted for spyware abuses
- Apple sending 'mercenary spyware' threat notifications
- How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist
- Safe{Wallet} post-mortem on ByBit $1.4B crypto heist